Exploiting new-era of Request forgery on mobile applications
http://dphoeniixx.com/2020/12/13-2/
http://dphoeniixx.com/2020/12/13-2/
Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
The Citizen Lab
The Great iPwn
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute…
Analysis of 13 popular secure messaging apps:
https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/
https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/
Cybernews
Research: nearly all of your messaging apps are secure
We tested the security of 13 popular and less-popular secure messaging apps and have good news: most provide default security out of the box.
Settting up iOS Debugging
https://understruction.com/setting-up-ios-debugging
https://understruction.com/setting-up-ios-debugging
Android Security
Supplementary material for Android Trainings:
1) Deep Dive Android
2) Xtreme Android Hacking
3) Android Pentesting
https://github.com/anantshri/Android_Security
Supplementary material for Android Trainings:
1) Deep Dive Android
2) Xtreme Android Hacking
3) Android Pentesting
https://github.com/anantshri/Android_Security
GitHub
GitHub - anantshri/Android_Security: This repository is a suplimentary material for Android Training's done by Anant Shrivastava…
This repository is a suplimentary material for Android Training's done by Anant Shrivastava from 2012-2017 - anantshri/Android_Security
Explanation of Samsung's Real-time Kernel Protection and reveal the vulnerability, the one-liner exploit
https://blog.longterm.io/samsung_rkp.html
https://blog.longterm.io/samsung_rkp.html
Pwn To Own LG phones
https://douevenknow.us/post/639414006930702336/tying-it-all-together-pwning-to-own-on-lg-phones
https://douevenknow.us/post/639414006930702336/tying-it-all-together-pwning-to-own-on-lg-phones
Tumblr
Tying It All Together - Pwning To Own on LG phones
Last year I detailed a secure EL3 vulnerability which affected (and still affects, for devices with discontinued updates) LG Android devices. However, this vulnerability alone isn't actually all that...
Comparing user data gathering of popular messaging apps (Signal won)
https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/
https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/
9to5Mac
App privacy labels show stark contrasts among messaging apps - 9to5Mac
Apple's new app privacy labels went live in the App Store last month, giving users the chance to see what data is collected by each ...
Which messenger is the most secure?
Analysis done by Threema.
https://threema.ch/en/messenger-comparison
Analysis done by Threema.
https://threema.ch/en/messenger-comparison
threema.ch
Comparison of Popular Messenger Services – Threema
Signal, Telegram, WhatsApp, or Threema: Learn how these messengers differ in terms of privacy, features, and security.
Going Rogue - a Mastermind behind Android Malware Returns with a New RAT
https://research.checkpoint.com/2021/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/
https://research.checkpoint.com/2021/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/
Check Point Research
Going Rogue- a Mastermind behind Android Malware Returns with a New RAT - Check Point Research
Research by: Aviran Hazum, Alex Shamshur, Raman Ladutska, Ohad Mana, Israel Wernik Introduction Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the world around us. There are over 3.5 billion smartphone users…
Detail analysis of Android vulnerabilities being exploited in the wild found by Project Zero
Android Exploits ITW: https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Android Post-Exploitation https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Android Exploits ITW: https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html
Android Post-Exploitation https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html
Blogspot
In-the-Wild Series: Android Exploits
This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other pa...
👍1
xnuspy - iOS kernel function hooking framework for checkra1n'able devices
https://github.com/jsherman212/xnuspy
https://github.com/jsherman212/xnuspy
GitHub
GitHub - jsherman212/xnuspy: an iOS kernel function hooking framework for checkra1n'able devices
an iOS kernel function hooking framework for checkra1n'able devices - jsherman212/xnuspy
How to use Ghidra to Reverse Engineer Mobile Application
https://medium.com/bugbountywriteup/how-to-use-ghidra-to-reverse-engineer-mobile-application-c2c89dc5b9aa
https://medium.com/bugbountywriteup/how-to-use-ghidra-to-reverse-engineer-mobile-application-c2c89dc5b9aa
Medium
How to use Ghidra to Reverse Engineer Mobile Application
Unveil the
Adware found on Google Play store
https://www.whiteops.com/blog/imitation-is-the-sincerest-form-of-fraudery?s=03
https://www.whiteops.com/blog/imitation-is-the-sincerest-form-of-fraudery?s=03
HUMAN
Imitation is the sincerest form of fraudery
The White Ops Satori Threat Intelligence and Research Team uncovered more than 140 fraudulent apps with more than ten million downloads among them.
Reverse Engineering Android React Native application
https://secureitmania.medium.com/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7
https://secureitmania.medium.com/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7
Medium
Let’s know How I have explored the buried secrets in React Native application
A new era in Android Reverse Engineering part-1
Vulnerability in Shazam application allowed an attacker to steal location of a user by clicking a link
https://www.ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
https://www.ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
www.ash-king.co.uk
ShazLocate!
Abusing CVE-2019-8791 & CVE-2019-8792
Abusing CVE-2019-8791 & CVE-2019-8792
Stealing location data with a single click via Shazam
How to gain access to arbitrary Content Providers
https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/
https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/
News, Techniques & Guides
Gaining access to arbitrary* Content Providers
The vulnerability we shall be looking at is very common, but remains little known. We want to shed some light on it today, so as to help app developers avoid it when they write their apps and security researchers find it in other people's apps and warn the…
A Special Attack Surface of the Android System (1): Evil Dialog Box
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1351377961017942016
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1351377961017942016